Monday, 17 November 2014

PHP has fixed a few vulnerabilities permitting remote code execution

The PHP development team has released new versions to fix three security vulnerabilities; one of them is said to be critical and leads to remote code execution.

The vulnerability identified as "CVE-2014-3669" can cause an integer overflow when parsing specially crafted serialized data with unserialize(). The vulnerability affects only 32-bit systems, but the danger comes from the flaw itself and from the fact that serialized data often comes from user-controlled channels.

The updates also fix errors associated with the introduction of a null byte in the cURL library, heap memory corruption during processing of modified data as a result of exif_thumbnail() in image processing (CVE-2014-3670), and a buffer overflow in the function mkgmtime() from the XMLRPC module (CVE-2014-3668).

These vulnerabilities were found by the research lab of the IT security company High-Tech Bridge.

The new versions 5.6.2, 5.5.18 and 5.4.34 address these three vulnerabilities.
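
A version check built from the fixed releases named above, as an added example that is not part of the original post. The host inventory is constructed, and treating every earlier release in a listed branch as unpatched is an assumption, since the post does not give affected version ranges.

```python
import re

# Fixed release per branch, as listed in this post: 5.4.34, 5.5.18, 5.6.2.
FIXED = {(5, 4): 34, (5, 5): 18, (5, 6): 2}
# CVE ids from the post; True marks the one described as affecting only 32-bit systems.
CVES = {"CVE-2014-3669": True, "CVE-2014-3670": False, "CVE-2014-3668": False}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.5.9-1ubuntu4.4'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("unrecognised PHP version: %r" % text)
    return tuple(int(x) for x in m.groups())


def assess(version, word_bits):
    """Classify one install.

    Returns (status, cves). status is 'patched', 'unpatched' or 'unknown'
    (branch not covered by the releases named in the post).
    Assumption: any earlier release in a listed branch is unpatched.
    """
    major, minor, patch = parse_version(version)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown", []
    if patch >= fixed_patch:
        return "patched", []
    # The unserialize() integer overflow is only counted on 32-bit builds.
    cves = sorted(c for c, only32 in CVES.items() if not only32 or word_bits == 32)
    return "unpatched", cves


if __name__ == "__main__":
    # Constructed inventory: (host label, reported PHP version, word size of the build)
    inventory = [
        ("web-a", "5.4.33", 32),
        ("web-b", "5.5.18", 64),
        ("web-c", "5.6.1", 64),
        ("web-d", "5.3.29", 32),
    ]
    for host, version, bits in inventory:
        status, cves = assess(version, bits)
        print("%-6s %-8s %2d-bit  %-9s %s" % (host, version, bits, status, ", ".join(cves)))
```

Distribution packages often backport security fixes without changing the upstream version number, so an "unpatched" result is a prompt to check the vendor changelog rather than a final verdict.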